Knime · Knime Business Hub · CVE-2023-3140
**Name of the Vulnerable Software and Affected Versions**
KNIME Business Hub versions prior to 1.4.0
**Description**
KNIME Business Hub versions prior to 1.4.0 do not send the HTTP response headers that tell a browser whether a page may be embedded in a frame: `X-Frame-Options` and a `Content-Security-Policy` carrying a `frame-ancestors` directive. Without them, any page the hub serves can be loaded in an `<iframe>` on an attacker-controlled site, which enables clickjacking. In a clickjacking attack the attacker's page loads the target application in a transparent (or otherwise concealed) iframe and lays it over decoy content, such as a harmless-looking button, aligned so that one of the hub's real controls sits exactly where the decoy appears. A logged-in user who believes they are clicking the decoy actually clicks the hub's own button or link, and the browser submits that action to the hub with the user's session cookies. The click intended for the attacker's page is thus hijacked and performed, in the user's authenticated context, against the application the attacker chose.
**Recommendations**
For versions prior to 1.4.0, update to version 1.4.0 or later, which sends the missing headers. If the upgrade cannot be applied immediately, add the headers yourself, for example at the reverse proxy or ingress in front of the hub: `X-Frame-Options: SAMEORIGIN` (or `DENY`) and `Content-Security-Policy: frame-ancestors 'self'` (or `'none'`). Send both: browsers that understand `frame-ancestors` let it override `X-Frame-Options`, and the older header covers clients that do not. After the change, inspect the response headers of an authenticated hub page and confirm both are present; note that a `Content-Security-Policy-Report-Only` header does not block framing. Until the fix is in place, restrict access to sensitive areas of the application to reduce what a hijacked click could achieve.
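The following checker, an example added to this advisory rather than code from KNIME, encodes the browser rules behind the description and the workaround above: it classifies a response's `X-Frame-Options` and `Content-Security-Policy` headers by who is permitted to frame the page, so it can be run against a hub before and after the upgrade or proxy change. The two header sets at the top are constructed for illustration and were not captured from a real deployment; `check_url` is a convenience for live use and needs network access.

```python
"""Classify an HTTP response's anti-framing headers.

Added example for this advisory; it is not KNIME code. The header sets below
are constructed to illustrate the check and are not captured from a real hub.
"""
from __future__ import annotations

from typing import Mapping
import urllib.request

# Constructed: a response without either header, i.e. the pre-1.4.0 condition
# the advisory describes. The cookie value is made up.
VULNERABLE_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Set-Cookie": "session=example; Path=/; Secure; HttpOnly",
}

# Constructed: the same response carrying the two headers the advisory names.
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "frame-ancestors 'self'",
}


def _header(headers: Mapping[str, str], name: str) -> str | None:
    """Case-insensitive lookup. Repeated headers are not modelled (one value
    per name), which is enough for dict input and for urllib's HTTPMessage."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def frame_ancestors(csp: str) -> list[str] | None:
    """Return the source list of the frame-ancestors directive (lower-cased,
    keyword quotes kept), or None when the policy has no such directive."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers: Mapping[str, str]) -> str:
    """Classify who may embed the page in a frame.

    Returns "denied" (nobody), "same-origin", "allowlist" (named ancestors)
    or "open" (any site, i.e. clickjackable). Rules encoded, as browsers
    implement them:
      - An enforced CSP that contains frame-ancestors overrides X-Frame-Options.
      - Content-Security-Policy-Report-Only never blocks framing.
      - A CSP without frame-ancestors gives no framing protection at all.
      - X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers,
        so a page relying on it is effectively unprotected.
    """
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            if not sources or sources == ["'none'"]:
                return "denied"  # an empty source list also means 'none'
            if "*" in sources or any(s in ("http:", "https:") for s in sources):
                return "open"  # wildcard or scheme-only source: anyone qualifies
            if set(sources) == {"'self'"}:
                return "same-origin"
            return "allowlist"

    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return "denied"
        if value == "SAMEORIGIN":
            return "same-origin"
        # ALLOW-FROM or an unrecognised value: browsers discard the header.
    return "open"


def is_clickjackable(headers: Mapping[str, str]) -> bool:
    """True when an arbitrary third-party page may frame this response."""
    return framing_policy(headers) == "open"


def check_url(url: str) -> str:
    """Fetch a page (redirects are followed, so pass the URL the user actually
    lands on, e.g. the hub's login page) and classify its headers.
    Requires network access; not used by the offline examples."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return framing_policy(resp.headers)


if __name__ == "__main__":
    for label, hdrs in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {framing_policy(hdrs)}")
```

Run it against a live hub with `check_url("https://<your-hub>/")` after the proxy change; anything other than `"denied"`, `"same-origin"` or an intended `"allowlist"` means the page can still be framed by a third-party site.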